SUMMARY

• Over 6+ years of Experience in designing, deploying and troubleshooting network & security infrastructure for Enterprise Environments.
• Experience on Palo Alto NG Firewall configurations including URL filtering, Threat prevention, Data filtering, IPsec Tunnels, SSL - VPN and Zone Protection.
• Expert in configuring Security policies using App ID, Services, Security profiles and URL category.
• Experience on configuring and troubleshooting HA, Zones, VLANs, Routing, and NAT on firewalls as per the design requirements.
• Sound knowledge on Panorama, Wildfire, FireEye and its integration with Palo Alto Firewalls.
• Experience with CISCO ASA Content Security and Control Security Services Module (CSC - SSM) and Advanced Inspection and Prevention Security Services Module (AIP-SSM).
• Responsible for Palo Alto, Check Point and Cisco ASA firewall administration across global locations.
• Experience on Access Control Server configuration using AD, RADIUS & TACACS+.
• Experience in configuring and Troubleshooting BIG-IP LTM and GTM in F5 load balancers.
• Extensive experience in dealing with vendors for MPLS/DSL installations.
• Proficient in configuration & troubleshooting of routing protocols: BGP, OSPF, EIGRP, MP - BGP and their redistribution over the networks.
• Hands on experience in deploying GRE tunnels, IPSEC Tunnels, SSL-VPN, Site-Site VPN and DMVPN.
• Proficient in implementation of filters using Standard and Extended access-lists, Time-based access-lists, Route Maps.
• Experience on implementing route manipulation using Offset-list, route metrics.
• Implemented redundancy protocols like HSRP, VRRP, and GLBP.
• Implemented VSS along with VDC and VPC on Nexus 5K, 7K switches.
• Configuring and Troubleshooting DNS, DHCP issues over large scale networks.
• ImplementingEther-channel modes dynamically with PAgP, LACP.
• Expertise in Configuration and troubleshooting of STP, RSTP, PVST, RPVST, BPDU Guard and BPDU filtering on Switches.
• Experience in configuring VLANs, Inter-VLAN routing, Trunk ports and Port security.
• Expertise in implementing IP Address management and subnetting concepts on various Network architectural designs.
• Knowledge on BOM and managed inventory for network hardware.
• Hands on experience troubleshooting network traffic using tools like ping, traceroute, Wireshark, SolarWinds and TCP dump.
• Expert in managing and monitoring the network devices using Syslog, SNMP, and NTP.
• SME in OSI layer model/TCP/IP.
• Well-organized in documenting tools like Microsoft VISIO, Microsoft Office.
• Operating Systems: Linux, Windows Server 2008/2012, Windows 7/8, Microsoft Hyper-V.
• Design, install, configure and isolate faults in Cisco Wireless LANs and assess WLAN encryption and security options.
• Configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 7000.

TECHNICAL SKILLS

LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, LWAPs, IEEE 802.11, Token Ring, Workgroup, Domain, HSRP, DNS, Static, VLAN, STPVTP, Ether Channel, Trunks.

WAN Technologies: HDLC, PPP, Channelized links (E1/T1/E2/T2), Leased Line, ISDN/Dial-Up, Frame Relay circuits, Metro Ethernet, ATM, SONET, MPLS, VPN, IPsec-VPN.

Routing Protocols: OSPF, EIGRP, BGP, RIP v1/v2, Route redistribution, Route filtering, Summarization, Static route, OSPF, BGPv4, MP-BGP.

Routers dealt with: Cisco 7606, 7609, 3845, 3660, 2921, 2691, 1812, Juniper MX series, SRX, QFX and T series routers

Switching Technologies: VLANs, Inter VLAN routing and Port Channels, VTP, Spanning Tree Protocols like PVST+, RSTP+, Multi-Layer Switching, Port security, VSS, and CEF.

Switches dealt with: Nexus 5548, 5596, 56128P, 6000, 7009, 7018; Cisco Catalyst: 6506, 6509, 4928, 4948, 4507, 4510, 3750G, 3750X, 3560, and 2960

Network Security Technologies: ASA 5550/5540 Firewalls, Juniper SRX Firewall, Palo Alto firewall PA 200, 3000, Check points, Access Control Lists, IPsec, IDS, and IPS

Firewalls: Cisco ASA 55XX series, Checkpoint R75, R76, Palo Alto 5000, 3000 series

Network Management: Wireshark, SNMP, Netflow, Solarwinds, Tufin, Splunk, SYSLOG, NTP, DHCP, TFTP.

Load Balancers: F5 Network (Big-IP) LTM 8900 and 6400

Redundancy Protocols: HSRP, GLBP, VRRP

NEXUS Features: VDC, VPC, VRF, FEX, Fabric Path, F & M Series line cards

VPN Technologies: GRE Tunneling, Remote Access VPN, Site-to-Site VPN, ASA 5505 Firewall, AIP SSM, CSC SSM, FWSM, ACL- Access Control List, IPS/IDS, NAT, PAT.

AAA Architecture: TACACS+, RADIUS, Cisco ACS

Operating Systems: Windows (98, ME, 2000, XP, Vista, Windows 7, 8.1), Linux, Hyper-V(ESX, KVM)

PROFESSIONAL EXPERIENCE

Confidential, Walnut Creek, CA

Network Security Engineer

Responsibilities:

• Provides level 2/3 operational support for Process Control networks and Security technologies.
• Hands on experience with Palo Alto NGF (5060, 3060) with security and management features such as URL filtering, data filtering, Threat prevention and Log Management.
• Responsible for the GUI PANORAMA management for logging sessions, creating reports and managing different firewall devices.
• Implementing APP-ID which defines custom applications and comprehensive set of predefined applications to be applied on firewall policies.
• Worked on proactive threat analysis using AutoFocus which is built on Wildfire platform.
• Configuring Zones, Virtual routers and interfaces on Palo Alto Firewall.
• Working knowledge on proxy services, Site to Site VPN tunnels, and SSL certificates.
• Configured Palo Alto to Wildfire cloud to mitigate Zero day attacks.
• Responsible for configuring the Palo Alto to mitigate DOS, DDOS, Data leak attacks using Dos Protection, Threat Prevention and Data Filtering.
• Implemented security policies by creating groups (objects) and specific policies as per the user levels.
• Responsible for Palo Alto software and firmware upgrades.
• Maintaining Palo Alto Firewall & analysis of firewall logs.
• Configuring VPN (IPSEC, GRE) in VPN concentrators and QOS in integrated networks.
• Responsible for migrating Cisco ASA firewall to Palo Alto firewall.
• Worked on the security levels with RADIUS, TACACS+, and KERBEROS for client authentications in various locations.
• Experience working with design and deployment of MPLS layer 3 VPN Cloud, involving VRF, Route Distinguisher, Route target, Label Distribution Protocol.
• Expertise in configuring routing protocols and deployment of OSPF, EIGRP, BGP and policy based routing.
• Managed the IP address space using subnets and variable length subnet masks (VLSM) and Monitored the operability and reliability of the network.
• Key contributions include troubleshooting ofcomplex LAN/WANinfrastructure that include routing protocolsEIGRP, OSPF and BGP.
• Captured packets by configuring span port and analyzed using WIRESHARK and TCPDUMP.
• Analyze and visualize the machine data using SPLUNK in real-time.
• Worked with application development teams to ensure that their applications are routed properly for interaction.
• Hands on experience in troubleshooting VPC, Subnets, Routing tables, Internet gateways.
• Experience working with VMware ESX and KVM environment.
• Responsible for investigating and troubleshooting incidents related to Cyber Security.
• Develops and shares best practices with the other support teams.
• Perform networkscanning and vulnerability assessments.
• Participates and or leads risk assessments and compliance evaluations of new technologies.
• Provide subject matter Expertise in the area of network switches, routers, firewall, and security technologies.
• Handle Incident tickets related to the issues in the firewall and provide prompt support when any issue pops up.

Environment: Palo Alto NGF (5060, 3060), Net Flow, RADIUS, TACACS, EIGRP, OSPF, BGP, VPN, MPLS, Ether Channels, Cisco 7200/3845/3600/2800 routers, Sniffers, Cisco 6509/ 3750/3550/3500/2950 switches.

Confidential, Bloomfield, CT

Network and Security Engineer

Responsibilities:

• Excellent Troubleshooting Skills and Customer Centric approach.
• Expertise in Configuring, Monitoring and Troubleshooting Palo Alto (5040, 3020), Cisco and checkpoint firewalls.
• Responsible for writing firewall rules based on applications, users and content.
• Implementing USER-ID on Palo Alto firewall which identifies supported IP-to-USER mapping strategies.
• Configured and installed the Firewall pair in High Availability mode as Active/standby and managed through the management port.
• Monitored networklogs and securityevents generated by the securityappliances and determined the correct action or escalation path.
• Worked Extensively on Cisco PIX and ASA Series firewalls.
• Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA Firewalls.
• Involved in Installing and Configuring a Cisco secure ACS server for AAA authentication.
• Configured Client-to-Site VPN on Cisco ASA firewalls.
• Responsible for Cisco ASA firewalladministration, Rule Analysis and Rule Modification.
• Configured Site-Site VPN and Remote Site VPN on Checkpoint Firewall.
• Worked on Checkpoint Firewall Clusters of High Availability and load balancing.
• Strong Knowledge in working with F5 Load Balancers and their Implementation in various Networks.
• Involved in design and implementation of Data Center Migration.
• Managed and troubleshooting the Core, Distribution, and Edge Routers.
• Worked on implementation strategies for the expansion of the MPLS VPN networks.
• Configuration and deployment of routing protocols like OSPF, EIGRP & BGP over Cisco Routers in Production environment.
• Experience with manipulating various BGP attributes such as Local Preference, MED, and Extended Communities.
• Configured security policies including NAT/PAT, Route-maps, Prefix lists and Access Control Lists.
• Provided BGP routing protocols for implementing multi-homing connection and carried out Route-redistribution between different routing protocols like OSPF, BGP, and EIGRP for increased efficiency.
• Configured redundancy protocols like HSRP, VRRP and GLBP.
• Switching tasks include VTP, ISL/ 802.1q, VLANs, Ether Channel, Port security, STP and RSTP.
• Design, implementation and troubleshooting (disaster recovery) of the LAN IP infrastructure.
• Analyzed packets using NMAP, Tufin and WIRE SHARK.
• Worked On Linux, and Windows Platforms and also involved in planning of Network Maintenance.
• Implemented and configured SNMP, Syslog and traps on Cisco routes to allow for network management.
• Worked in upgrading of the IOS Version of the Routers & Switches including Nexus 7k and C3750 using the TFTP Server.
• Managing the service request tickets within the phases of troubleshooting, maintenance, upgrades, fixes, patches and providing all-round technical support.

Environment: Palo Alto 5040 and 3020, Cisco catalyst 6509, 7609, Cisco PIX (506E/515E/525/) & ASA 5500(5510/5520), Cisco 3750, F5 Load Balancers, OSPF, BGP, EIGRP, LAN, WAN, VPN, HSRP.

Confidential

Network Engineer

Responsibilities:

• Established, managed, and optimized network uptime and provided end-user support for users.
• Worked closely with the securityteam on the deployment and troubleshooting of Cisco ASA, checkpoint and Palo Alto firewalls to apply policies.
• Establishing VPN Tunnels using IPsec encryption standards and also configuring site-to-site VPN, Remote VPN.
• Applying crypto maps and security keys for the branches, ISAKMP (Internet security association key management protocol) for establishing Security associations (SA) cryptographic keys.
• Provide Tier III Level Load Balancer expertise on F5 Big IP Local Traffic Managers (LTM).
• Designing F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BIG IP Load Balancers.
• Worked on BGP configuration for providing redundant internet connectivity using BGP attributes, Route maps, prefix-lists.
• Installing, configuring Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing protocols like OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design.
• Responsible for configuring MPLS VPN cloud with CE and PE using protocols like eBGP and iBGP.
• Configured EIGRP and OSPF as interior Gateway protocol route filtering and route redistribution.
• Well experienced in configuring HSRP, VRRP, GLBP, PAP, and CHAP.
• Involved in finding the issues for flapping BGP routes and OSPF routes.
• Coordinating with Security team for NAT configuration and troubleshooting issues related to access lists and DNS/DHCP issues within the LAN network.
• Creating and managing user accounts to all team members in partner environment.
• Expertise in maintenance of layer2 switching tasks which advocate VLAN, VTP, STP, RSTP, PVST, RPVST, configuring of ether channel with LACP and PAGP along with troubleshooting of inter-VLAN routing.
• Enabled STP Enhancements to speed up the network convergence that include Port-fast, Uplink-fast and Backbone-fast.
• Packet capturing, troubleshooting on network problems with Wireshark, identifying and fixing problems.
• Monitoring Network infrastructure using SNMP, Solar-winds and Opnet.
• Communicating and escalating tickets with service providers for network outage issues.
• Involved in complete LAN, WAN redesign (including IP address planning, designing, installation, pre configuration of network equipment, testing, and maintenance) of both Campus and Branch networks.
• Hands on experience with troubleshooting and configuring terminal servers.
• Hands on using crimp tools, punch down tools to punch cables to the 110 data/voice blocks.
• Worked on Physical site; latency and slowness issues in transmitting results within internal network.

Environment: Cisco 2948/3560/4500/3560/3750/3550/3500/2960/6500 switches. Cisco3640/12000/ 7200/3845/3600/2800 routers, Palo Alto 2k,3k, checkpoint firewall, Cisco ASA, RIP, OSPF, BGP, EIGRP, MPLS, LAN, WAN, VPN, HSRP.

Confidential

Junior Network Engineer

Responsibilities:

• Involved in configuration and management of different Layer 2 switching tasks which includes address learning, efficient switching etc.
• Dealt with the escalation problems from Level1, Level 2 & Level 3 for routing, switching and WAN connectivity issues using ticketing system Remedy.
• Responsible for day to day management of Cisco Devices, Traffic management and monitoring.
• Set up and troubleshoot secured wireless access points for broadband Internet.
• Configured & maintained LAN, WAN, VPN, and WLAN on Cisco Routers.
• Configured networkaccess servers and routers for AAA Security (TACACS+).
• Managing and configuring of Wide Area Networking Protocols like HDLC, PPP.
• Configuring Routing Protocols like EIGRP, BGP, and OSPF.
• Implemented the concept of Route Redistribution between different routing protocols.
• Involved in HSRP, VRRP, GLBP configuration and troubleshooting and Port channel management of the network.
• Dealt with NAT configuration and its troubleshooting issues related access lists and DNS/DHCP issues within the LAN network.
• Switching related tasks included implementing VLANS, Ether channel and configuring ISL trunk on Fast - Ethernet channel between switches.
• Configuration included VTP, STP port features, enterprise security using Cisco Port Security.
• Designed and implemented an IP addressing scheme with subnets for different departments.
• Involved with the Systems team to Install, configure, & maintain AD, DNS, DHCP on Windows Server, and also configured a FTP server.
• Troubleshooting of TCP/IP problems and connectivity issues in multi-protocol Ethernet environment.
• Analyze Log messages using Syslog server and analyze the issues related to high CPU utilization and parameters that can degrade performance of the network.
• Used various Network sniffers like Wireshark, TCP dump etc.
• Operating Systems:Microsoft XP/Vista/7, Windows Servers, MS-Office and MS VISIO.
• Hands-on experience on Up-gradation of Cisco IOS on different Cisco devices and modules.
• Support 24x7 operations and answer calls from the customers on network emergencies.
• Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades and patches with all around technical support.

Environment: Cisco Routers 2900, 2600, 3600; Cisco Switches 1900, 2900, 3500, 3700 and 4500s Series; LAN/WAN, NAT, DHCP, TCP/IP.